Hello.
On Wed 2002-10-02 at 09:49:30 -0400, [EMAIL PROTECTED] wrote:
> Hi! I found a security bug on mysqlgui-win32-static-1.7.5-2. When I
> install it on my desktop (win2k), I setup a password for the
> database.
What does "setup a password for the database" mean? Passwords are not
per-database with MySQL, but per user.
> However, if I install the mysqlgui on any machine in the local
> network, I could access the database on my desktop (from any machine
> on the local network) without the password.
Because the password will be required, if you set it up this way,
IMHO, there are two possibilities:
1. The configuration of the server is broken and does not require a
password as you think it does.
2. The GUI sends the correct password, therefore must know the correct
password, therefore has somehow access to it. Maybe you have a
shared Home in the local network and the GUI saved the password
there? Whatever.
Regarding 1., try to connect with a different client and see what
happens.
Regarding 2., if this is true, you may view the way in which the GUI
shared the password, whatever the details are, as insecure, and you
probably have a point. I guess it is quite simply to tell the GUI to
not save password between sessions. I don't know details, because I do
not use this GUI.
Regards,
Benjamin.
--
[EMAIL PROTECTED]
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
